DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux

Audit Details

Name: DISA STIG IBM DB2 v10.5 LUW v1r4 OS Linux

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.6

Estimated Item Count: 45

File Details

Filename: DISA_STIG_IBM_DB2_v10.5_LUW_v1r4_OS_Linux.audit

Size: 108 kB

MD5: 05898d45689fbb5d0b783083e3b193f2
SHA256: 5bb6865801dff9fc9c4ce8c9b2fac1a11fe3eb4e9dce785b4ec484405b4554a5

Audit Items

Description / Categories
DB2X-00-000300 - DB2 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals - config file

ACCESS CONTROL

DB2X-00-002200 - The audit information produced by DB2 must be protected from unauthorized read access - ownership

AUDIT AND ACCOUNTABILITY

DB2X-00-002200 - The audit information produced by DB2 must be protected from unauthorized read access - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - ownership

AUDIT AND ACCOUNTABILITY

DB2X-00-002300 - The audit information produced by DB2 must be protected from unauthorized modification - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion - ownership

AUDIT AND ACCOUNTABILITY

DB2X-00-002400 - The audit information produced by DB2 must be protected from unauthorized deletion - verify setting

AUDIT AND ACCOUNTABILITY

DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs) - INSTALL

CONFIGURATION MANAGEMENT

DB2X-00-002900 - The OS must limit privileges to change the DB2 software resident within software libraries (including privileged programs) - INSTANCE

CONFIGURATION MANAGEMENT

DB2X-00-003100 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications - INSTALL

CONFIGURATION MANAGEMENT

DB2X-00-003100 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications - INSTANCE

CONFIGURATION MANAGEMENT

DB2X-00-003400 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003500 - Unused database components, DBMS software, and database objects must be removed.

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments - SSL_SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments - SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-003800 - DB2 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

DB2X-00-004100 - If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords - AUTHENTICATION

IDENTIFICATION AND AUTHENTICATION

DB2X-00-004100 - If passwords are used for authentication, DB2 must transmit only encrypted representations of passwords - DB2AUTH

IDENTIFICATION AND AUTHENTICATION

DB2X-00-004600 - DB2 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations - DB2COMM

IDENTIFICATION AND AUTHENTICATION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SSL_SVCENAME

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005100 - DB2 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values - SVCENAME

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - History

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery Plan

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Roll forward

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Tested

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - Audit Log

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - Backup History

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - Database

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - Instance

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - LOGARCHMETH

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-005800 - Access to database files must be limited to relevant processes and to authorized, administrative users - Transaction Paths

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-007300 - DB2 must utilize centralized management of the content captured in audit records generated by all components of DB2.

AUDIT AND ACCOUNTABILITY

DB2X-00-007500 - DB2 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

AUDIT AND ACCOUNTABILITY

DB2X-00-007600 - DB2 must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

DB2X-00-007700 - DB2 must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.

AUDIT AND ACCOUNTABILITY

DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration of DB2 or database(s) - Install

CONFIGURATION MANAGEMENT

DB2X-00-008100 - DB2 and the operating system must enforce access restrictions associated with changes to the configuration of DB2 or database(s) - Instance

CONFIGURATION MANAGEMENT

DB2X-00-008200 - DB2 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of DB2 or database(s) - OS Auditing

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance - SSL

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance - SSL_SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-008300 - DB2 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance - SVCENAME

CONFIGURATION MANAGEMENT

DB2X-00-009100 - DB2 must maintain the confidentiality and integrity of information during preparation for transmission.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-009200 - DB2 must maintain the confidentiality and integrity of information during reception.

SYSTEM AND COMMUNICATIONS PROTECTION

DB2X-00-012600 - DB2 must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

AUDIT AND ACCOUNTABILITY